
garion 12-07-2012 04:26 AM

Enforcing /etc/shells
It is possible to assign a shell that is not listed in /etc/shells. All I get is a warning message, for example:

Warning: "/bin/DifferentShell" is not listed in /etc/shells.

However, the shell is still changed. Is there any way of forcing the system to only allow shells listed?

Berhanie 12-07-2012 06:09 AM

I ran strace on chsh on my system, and it shows that chsh consulted /etc/pam.d/chsh. There's a pam_shells module that can be required, and it even has a man page. My man page for chsh was typically incomplete:

      chsh  will  accept  the  full  pathname of any executable file on the system.  However, it will
      issue a warning if the shell is not listed in the /etc/shells file.  On the other hand, it  can
      also  be  configured  such  that it will only accept shells listed in this file, unless you are
